New old virus; Apple patches; Corporations at large

Published: 2005-01-28
Last Updated: 2005-01-30 23:58:51 UTC
by Handlers (Version: 1)
Modified variants of an old virus still seem to be infecting networks. Overlooked operating systems: sometimes you overlook the patches for those systems, too. Mumblings about corporate assets and job security.


Beagle/Bagle:

Various variants of the virus still seem to be spreading around. Nothing new, just annoying to those of us who have pledged to protect our networks. The latest is the Beagle/Bagle worm/virus.


http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.az@mm.html

http://vil.nai.com/vil/content/v_131351.htm

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AZ


Apple Patches:

Sometimes I forget that there are other operating systems out there besides the obvious ones. Our own handler Swa was mumbling around and found out that Apple notified subscribed customers only that patches for Mac OS X 10.2.8 and 10.3.7 were available. They cover the following:

at commands - local privilege escalation

ColorSync - fixed heap overflow triggered through malformed input files

libxml2 - potentially exploitable buffer overflows

Mail - strange one: CAN-2005-0127: Message-ID info leak

PHP - multiple known vulnerabilities

Safari - pop-ups (when not blocked) can mislead users

SquirrelMail - CSS vulnerability fixed


More info at:

http://docs.info.apple.com/article.html?artnum=300770

Corporations at large:

For most reading this, I'm preaching to the choir. The Beagle/Bagle variant, patches and MySQL bot are all just examples showing that, even if we don't know what we are protecting, we should be doing better. With the addition of IPS devices, application filtering firewalls, etc., there really should be no excuse for why some of this stuff continues to spread around the networks at large. You can't continue to use just one piece of the technology, you have to ... Defense in Depth

With that said, there are various things that companies can do, and very soon will be required to do, to further protect these assets. VISA and MasterCard have both released requirements that companies will have to follow in order to process credit cards in the future. I think that we are finally on to something. It doesn't matter how many times I've said to "x" company in the past that they need to do "y"; now maybe they will start taking this advice more seriously than they would have previously done.

For some of us, protecting these networks is our day job, and it allows us to stay employed. So you might say that it is job security. But in the end we also get held responsible for what may or may not happen to these networks.

In the end I love what I do, and I can say that I take pride in the work I do. I often view the networks that I'm employed to protect as my own, and treat them as such. And when something happens to them, I take a look back and learn from the mistakes I've made to better protect them.

Visa CISP information:

http://tinyurl.com/4ph6h

MasterCard SDP information:

https://sdp.mastercardintl.com/



The views expressed here are those of the handler on duty, and do not necessarily reflect the views of the ISC.